fluent-plugin-aws-elasticsearch-service 2.1.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +14 -0
  3. data/fluent-plugin-aws-elasticsearch-service.gemspec +1 -1
  4. data/lib/fluent/plugin/out_aws-elasticsearch-service.rb +20 -6
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cebb1488546995a34d5c6cd9f019b5d29b4607a2a5067f97945b728c07779f12
4
- data.tar.gz: 15c86bb134d81b1443eb775e9ec6948b055506d3dbd47a86294d0106de7720c6
3
+ metadata.gz: 5d84467ff7d53aaf3fd8b30bc85e7f9448593be039343b82afe787a1c4a4aae6
4
+ data.tar.gz: c0843971ac83c97da2999308412043ff099c48c1915fed1170c30c20b5ead286
5
5
  SHA512:
6
- metadata.gz: a556f97f09ff229fdad4db491181a52045fbc45c52cf28134134bf0e2488746c052e6926ff7ea0988a7359569d246ef770f775800f113f3e4b1ae37e1ad8ac3f
7
- data.tar.gz: 130a434abf6cee619873a61de9dde56f00ac6f3a1ea6ff69575cd100f0b63c97667ea04cde23c4e4f4d0e4b00ab12b761f1577fd4509995052acdc78fae9a254
6
+ metadata.gz: 29a91e7961c4f6eb7fd671c5dbc0710d5a45efaf84188b1a99f012342384f51db6b1434fb2bfe2f903c26540296610d3446a4570abe5926d44e988df55b6a40a
7
+ data.tar.gz: d93f4865d68fc05ec3b82d66872598d7769e108f143204b041649b91659e6763dd33c138ad3cf3467771e3348336f433a8f35a18345c8a8f3d9e7422592ccdd1
data/README.md CHANGED
@@ -126,6 +126,20 @@ You'll need to ensure that the environment in which the fluentd plugin runs has
126
126
  }
127
127
  ```
128
128
 
129
+ ### EKS
130
+ If you want to use IAM roles for service accounts on Amazon EKS clusters, please refer to the official documentation and specify a Service Account for your fluentd Pod.
131
+
132
+ Then, the endpoint configuration looks like:
133
+
134
+ ```ruby
135
+ <endpoint>
136
+ url https://CLUSTER_ENDPOINT_URL
137
+ region eu-west-1
138
+ assume_role_arn "#{ENV['AWS_ROLE_ARN']}"
139
+ assume_role_web_identity_token_file "#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"
140
+ </endpoint>
141
+ ```
142
+
129
143
  ## Troubleshooting
130
144
 
131
145
  * "Elasticsearch::Transport::Transport::Errors::Forbidden" error="[403]" even after verifying the access keys/roles/policies.
data/fluent-plugin-aws-elasticsearch-service.gemspec CHANGED
@@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
5
 
6
6
  Gem::Specification.new do |spec|
7
7
  spec.name = "fluent-plugin-aws-elasticsearch-service"
8
- spec.version = "2.1.0"
8
+ spec.version = "2.2.0"
9
9
  spec.authors = ["atomita"]
10
10
  spec.email = ["sleeping.cait.sith+gh@gmail.com"]
11
11
 
data/lib/fluent/plugin/out_aws-elasticsearch-service.rb CHANGED
@@ -15,10 +15,11 @@ module Fluent::Plugin
15
15
  config_param :region, :string
16
16
  config_param :url, :string
17
17
  config_param :access_key_id, :string, :default => ""
18
- config_param :secret_access_key, :string, :default => ""
18
+ config_param :secret_access_key, :string, :default => "", secret: true
19
19
  config_param :assume_role_arn, :string, :default => nil
20
20
  config_param :ecs_container_credentials_relative_uri, :string, :default => nil #Set with AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable value
21
21
  config_param :assume_role_session_name, :string, :default => "fluentd"
22
+ config_param :assume_role_web_identity_token_file, :string, :default => nil
22
23
  end
23
24
 
24
25
  # here overrides default value of reload_connections to false because
@@ -84,11 +85,19 @@ module Fluent::Plugin
84
85
  }).credentials
85
86
  end
86
87
  else
87
- credentials = sts_credential_provider({
88
- role_arn: opts[:assume_role_arn],
89
- role_session_name: opts[:assume_role_session_name],
90
- region: opts[:region]
91
- }).credentials
88
+ if opts[:assume_role_web_identity_token_file].nil?
89
+ credentials = sts_credential_provider({
90
+ role_arn: opts[:assume_role_arn],
91
+ role_session_name: opts[:assume_role_session_name],
92
+ region: opts[:region]
93
+ }).credentials
94
+ else
95
+ credentials = sts_web_identity_credential_provider({
96
+ role_arn: opts[:assume_role_arn],
97
+ web_identity_token_file: opts[:assume_role_web_identity_token_file],
98
+ region: opts[:region]
99
+ }).credentials
100
+ end
92
101
  end
93
102
  end
94
103
  raise "No valid AWS credentials found." unless credentials.set?
@@ -106,6 +115,11 @@ module Fluent::Plugin
106
115
  @sts ||= Aws::AssumeRoleCredentials.new(opts)
107
116
  end
108
117
 
118
+ def sts_web_identity_credential_provider(opts)
119
+ # AssumeRoleWebIdentityCredentials is an auto-refreshing credential provider
120
+ @sts ||= Aws::AssumeRoleWebIdentityCredentials.new(opts)
121
+ end
122
+
109
123
  end
110
124
 
111
125
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-aws-elasticsearch-service
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.0
4
+ version: 2.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - atomita
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-03-04 00:00:00.000000000 Z
11
+ date: 2019-10-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler